CALIFORNIA has passed a law that bans default passwords for security, home automation, CCTV and Internet of Things (IoT) devices from January 1, 2020.

Senate Bill No. 327 requires manufacturers equip it with a “reasonable security feature or features”, as well as default passwords unique to each device or that prompt the user to generate a new password before using the product.

The legislation will eliminate installed and hard-coded default passwords to any “physical object that is capable of connecting to the Internet, directly or indirectly, and that is assigned an Internet Protocol address or Bluetooth address”.